[ARGUS] Get active connections

Andrew Pollock andrew-argus at andrew.net.au
Sun Jun 27 23:48:50 EDT 2004


On Mon, Jun 28, 2004 at 08:43:11AM +1000, Steve McInerney wrote:
> It might be easier to repeatedly poll netstat with an appropriate egrep 
> to filter the traffic you wish to see?
> 
> 
> This is one I use as a Q&D on Solaris fairly regularly:
> netstat -an | egrep "^[^ ]+\.80.+ESTAB"
> 
> then pipe thru "wc -l" to count. Compare with "$ALARM_LIMIT" and you're 
> away.
> Where "80" is the port number to watch.
> 
> 
> Perhaps it might help to further define the problem set? Are you after 
> real time or post analysis? The above is for near to real time.
> 
> 
> HTH?
> 

That's only going to help if he wants to see the connections on the box
itself.

If he's got an Argus probe in the middle of two (or more) boxes, and he
wants to see all the active connections, he's going to want to do something
with Argus to see how many connections Argus is keeping track of.

I wonder if ratop is the weapon of choice?

Andrew
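
Added example, not part of either message: the on-host netstat check from the quoted text written as a shell function that matches the local port exactly, so port 8080 or an address octet of 80 is not counted, and that also accepts the Linux `addr:port` layout. The function name, the threshold value and the sample rows are constructed; as the reply notes, this only counts connections on the box itself.

```shell
#!/bin/sh
# Added example: count ESTABLISHED TCP connections on one local port from
# `netstat -an` output and compare against ALARM_LIMIT (name from the thread).

# count_estab PORT: read `netstat -an` output on stdin and print how many
# ESTABLISHED connections have PORT as their *local* port.
count_estab() {
    awk -v port="$1" '
        $NF ~ /^ESTAB/ {
            # Solaris prints the local address first (addr.port). Linux prints
            # proto, Recv-Q, Send-Q first, so the local address is field 4
            # (addr:port).
            local_addr = ($1 ~ /^tcp/) ? $4 : $1
            n = split(local_addr, parts, /[.:]/)
            # Only the final component is the port; earlier ones are address.
            if (parts[n] == port) count++
        }
        END { print count + 0 }
    '
}

# Constructed sample in Solaris `netstat -an` layout (documentation addresses).
# Rows 3 and 4 contain "80" but not as the local port; rows 5 and 6 are not
# in the ESTABLISHED state.
SAMPLE='192.0.2.10.80        198.51.100.7.51234   64240      0 64240      0 ESTABLISHED
192.0.2.10.80        198.51.100.8.40022   64240      0 64240      0 ESTABLISHED
192.0.2.10.8080      198.51.100.9.40100   64240      0 64240      0 ESTABLISHED
192.0.2.80.22        198.51.100.9.40101   64240      0 64240      0 ESTABLISHED
192.0.2.10.80        198.51.100.5.40102   64240      0 64240      0 TIME_WAIT
      *.80                 *.*                0      0 49152      0 LISTEN'

ALARM_LIMIT=1   # constructed threshold for this demo

# Live use would be: netstat -an | count_estab 80
n=$(printf '%s\n' "$SAMPLE" | count_estab 80)
if [ "$n" -gt "$ALARM_LIMIT" ]; then
    echo "ALARM: $n established connections on port 80 (limit $ALARM_LIMIT)"
fi
```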
